058beadb6ae709f698c0eaf03bcfc32ba8a05ea770be16673c7b16cdb18ae4c6

Sharing

Copy URL Twitter E-mail

General

Target

058beadb6ae709f698c0eaf03bcfc32ba8a05ea770be16673c7b16cdb18ae4c6
Size

10.6MB
MD5

47d1fbab2e740e45bda8c976414415ed
SHA1

0afc4e71bc310de4acbd5aa03149f31970466b55
SHA256

058beadb6ae709f698c0eaf03bcfc32ba8a05ea770be16673c7b16cdb18ae4c6
SHA512

3994a52f4641e2e4ad7c3c99a20d1be2c8e24c1a5f76a03b98a21b5f931f63dec94e289a9967723f7ae32117143b5618a9640a6a2f1849ac55a2821cc4ed54a9
SSDEEP

196608:lg3saymVGoK0UjZDYIrQgKDWTpYomEHr9xQnKCM19SThTG8mDP5XPB9c:S3PYRjlYIrlKDG2o5HBei1sThTRmDPpk

Score

8^/10

upx aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/gghostCNGRhardiskCNGR/gghost80硬盘版/tools/DSPTW.dll	aspack_v212_v242

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/gghostCNGRhardiskCNGR/gghost80硬盘版/grub/md5.dll	upx
static1/unpack001/gghostCNGRhardiskCNGR/gghost80硬盘版/tools/Ghost32.exe	upx

Files

058beadb6ae709f698c0eaf03bcfc32ba8a05ea770be16673c7b16cdb18ae4c6
.rar
gghostCNGRhardiskCNGR/gghost80硬盘版/grub/MEMDISK.GZ
.gz
memdisk
gghostCNGRhardiskCNGR/gghost80硬盘版/grub/gghost.img
gghostCNGRhardiskCNGR/gghost80硬盘版/grub/grldr
gghostCNGRhardiskCNGR/gghost80硬盘版/grub/grldr.mbr
gghostCNGRhardiskCNGR/gghost80硬盘版/grub/grubinst.dll
.exe windows x86

868abf0fe20ac8a507be6611a91d1b40

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_close
_open
_read
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_lseeki64
_onexit
_setmode
atexit
fflush
fgetc
fprintf
fputs
memcpy
memset
perror
signal
sprintf
strchr
strcmp
strcpy
strlen
strncmp
strtol
strtoul

kernel32

ExitProcess
SetUnhandledExceptionFilter

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 928B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gghostCNGRhardiskCNGR/gghost80硬盘版/grub/grubmenu.dll
.exe windows x86

50238ac5f732deecd1170c29cba7065a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_close
_lseek
_open
_read
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_chsize
_iob
_onexit
_setmode
atexit
fclose
fgets
fopen
fprintf
fputs
memset
perror
printf
signal
strcmp
strlen

kernel32

ExitProcess
SetUnhandledExceptionFilter

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gghostCNGRhardiskCNGR/gghost80硬盘版/grub/md5.dll
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gghostCNGRhardiskCNGR/gghost80硬盘版/grub/md5s.dll
.exe windows x86

fd4964aa9365c98b842bc77e881fe9cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleFileNameA
GetModuleHandleA
GetCommandLineA
GetVersionExA
GetLastError
ReadFile
GetProcAddress
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
GetCPInfo
FindNextFileA
FindFirstFileA
FindClose
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetFilePointer
CloseHandle
CreateFileA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetLocaleInfoA
HeapReAlloc
FlushFileBuffers
LoadLibraryA
SetStdHandle
HeapSize
SetEndOfFile
RtlUnwind

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gghostCNGRhardiskCNGR/gghost80硬盘版/install.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/039_0.bin
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/BootEdit.exe
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/DSPTW.dll
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 10KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/Ghost32.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 761KB - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/Shortcut.exe
.exe windows x86

e265050412c5676a77d4b5b67d00ecf8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LocalFree
FormatMessageA
LoadLibraryExA
MultiByteToWideChar
ExpandEnvironmentStringsA
SetStdHandle
SetFilePointer
FlushFileBuffers
GetLastError
LoadLibraryA
GetProcAddress
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetStringTypeA
GetStringTypeW
HeapAlloc
VirtualAlloc
HeapReAlloc
CloseHandle

user32

MapVirtualKeyA
GetKeyNameTextA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/gghost.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/inifile.exe
.exe windows x86

75bb742fd545dc67eab7473606d57d6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

memset
strncpy
strlen
memcpy
strcpy
strcat

user32

CharToOemA

kernel32

GetModuleHandleA
HeapCreate
GetStdHandle
GetCommandLineA
WritePrivateProfileStringA
GetPrivateProfileStringA
HeapDestroy
ExitProcess
GetFullPathNameA
WriteFile
GetPrivateProfileIntA
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentDirectoryA
GetDriveTypeA
FindFirstFileA
FindClose

Sections

.code
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flat
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/new_repair.bat
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/off.ini
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/shutdown.exe
.exe windows x86

737dd07a058d0390144c6eb5454507b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ExitWindowsEx
MessageBoxW
RegisterClipboardFormatW
LoadStringW
DialogBoxParamW
GetDlgItem
CheckDlgButton
EndDialog
EnableWindow
IsDlgButtonChecked
GetWindowTextLengthW
SetWindowTextW
SendMessageW
GetWindowTextW

ole32

CoCreateInstance
CoUninitialize
ReleaseStgMedium
CoInitialize

ntdll

_wtoi
wcscat
DbgPrint
_chkstk
wcsncmp
wcsstr
wcscpy
RtlAdjustPrivilege
RtlNtStatusToDosError
swprintf

netapi32

NetServerEnum
NetApiBufferFree

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__fmode

advapi32

InitiateSystemShutdownExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
AbortSystemShutdownW

kernel32

LocalFree
WriteFile
lstrlenA
WideCharToMultiByte
GetConsoleOutputCP
LocalAlloc
WriteConsoleW
GetConsoleMode
GetFileType
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetEnvironmentVariableW
lstrcmpW
GlobalLock
GlobalUnlock
lstrcpyW
LoadLibraryW
lstrlenW
GetStdHandle
FormatMessageW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetLastError

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/uninstall.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/winimage.exe
.exe windows x86

32533286508ba30af3236610276ca78f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

sndPlaySoundA
mciSendCommandA

mpr

WNetConnectionDialog
WNetGetUserA

kernel32

OutputDebugStringA
GetFileSize
MulDiv
GetTimeZoneInformation
DeleteFileA
WaitForSingleObject
SetEvent
FormatMessageA
CreateEventA
CreateThread
GetVersion
SetErrorMode
GetDiskFreeSpaceA
DeviceIoControl
FreeLibrary
GetProcAddress
LoadLibraryA
GetTempPathA
lstrcmpA
GetFullPathNameW
MapViewOfFile
UnmapViewOfFile
QueryDosDeviceA
lstrcpynW
CreateFileW
lstrlenW
SetLastError
DefineDosDeviceA
CreateFileMappingA
GetSystemInfo
lstrcatW
lstrcpyW
GetFullPathNameA
SetUnhandledExceptionFilter
GetCurrentProcess
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
FindResourceA
SetPriorityClass
FreeResource
LoadResource
QueryPerformanceCounter
GetTimeFormatA
GetCurrentThread
GetWindowsDirectoryA
GetDateFormatA
SizeofResource
CreateProcessA
SetThreadPriority
LockResource
GetModuleHandleA
ResumeThread
GetLocaleInfoA
GetNumberFormatA
GetUserDefaultLangID
LoadLibraryExA
GetOverlappedResult
lstrcpynA
GlobalMemoryStatus
RemoveDirectoryA
SetFileAttributesA
WideCharToMultiByte
WritePrivateProfileStringA
GetProfileStringA
WinExec
SetEndOfFile
CreateMutexA
ReleaseMutex
RtlUnwind
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
RaiseException
LCMapStringW
LCMapStringA
GetStdHandle
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
VirtualAlloc
VirtualProtect
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
HeapSize
TerminateProcess
ExitProcess
GetVersionExA
GetCommandLineA
GetStartupInfoA
IsBadReadPtr
HeapReAlloc
CreateDirectoryA
HeapAlloc
HeapFree
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetACP
GetOEMCP
InitializeCriticalSection
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFileTime
MultiByteToWideChar
ReadFile
IsDBCSLeadByte
FileTimeToSystemTime
SetFileTime
SetFilePointer
DosDateTimeToFileTime
GetSystemTimeAsFileTime
SetStdHandle
FlushFileBuffers
IsBadCodePtr
GetLocaleInfoW
FileTimeToDosDateTime
GetCPInfo
GlobalSize
GetSystemTime
GetTickCount
SystemTimeToFileTime
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
CloseHandle
lstrcmpiA
GetLastError
WriteFile
CreateFileA
lstrcpyA
GlobalReAlloc
FindNextFileA
GlobalHandle
FindClose
GlobalFree
FindFirstFileA
GlobalUnlock
lstrcatA
GlobalAlloc
GlobalLock
lstrlenA
InterlockedExchange
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileStringA

user32

GetIconInfo
CreateIconIndirect
LoadIconA
MoveWindow
SetMenuItemInfoA
GetMenuState
TrackPopupMenuEx
SetDlgItemInt
CallNextHookEx
GetSubMenu
WinHelpA
GetWindow
CheckMenuItem
SetMessageQueue
SystemParametersInfoA
UnhookWindowsHookEx
EnumChildWindows
LoadAcceleratorsA
SetWindowsHookExA
TranslateAcceleratorA
DrawIcon
SetForegroundWindow
IsZoomed
GetTopWindow
GetWindowDC
PostQuitMessage
SetMenu
CreatePopupMenu
AppendMenuA
DestroyMenu
ClientToScreen
CreateDialogParamA
LoadStringA
DialogBoxParamW
GetMenuStringW
SetWindowLongA
DestroyIcon
GetMenuStringA
CreateDialogParamW
InsertMenuW
InsertMenuA
RemoveMenu
EndPaint
GetClassNameA
SetTimer
KillTimer
DrawTextA
GetFocus
GetClientRect
BeginPaint
UnionRect
UnregisterClassA
CreateWindowExA
DefWindowProcA
GetSysColorBrush
IsWindowVisible
RegisterClassA
GetActiveWindow
ScreenToClient
WindowFromPoint
GetMessagePos
TranslateMessage
GetAsyncKeyState
DestroyCursor
GetCursorPos
IsWindow
DispatchMessageA
GetDesktopWindow
DialogBoxParamA
MessageBoxA
CharNextA
OemToCharA
CharToOemA
GetClipboardFormatNameA
DrawTextW
PeekMessageA
IsWindowEnabled
RegisterClassExA
SetClassLongA
UpdateWindow
LoadStringW
GetDlgCtrlID
RegisterClipboardFormatA
CharUpperA
DestroyWindow
GetSystemMenu
IsIconic
MessageBeep
EnableMenuItem
FillRect
GetScrollRange
GetDC
DrawFocusRect
SetRect
InvalidateRect
CharLowerA
ReleaseDC
GetSysColor
SetCursor
GetDlgItemInt
GetWindowRect
SendDlgItemMessageA
SetCapture
GetParent
wsprintfA
CharPrevA
SetFocus
GetWindowTextLengthA
SendMessageA
PtInRect
GetWindowTextA
GetWindowLongA
GetDlgItem
EndDialog
SetWindowPos
CheckDlgButton
ShowWindow
IsDlgButtonChecked
PostMessageA
CheckRadioButton
ReleaseCapture
GetSystemMetrics
SetWindowTextA
EnableWindow
CallWindowProcA
LoadCursorA
GetDlgItemTextA
SetDlgItemTextA
LoadMenuA
IsDialogMessageA
GetMenu
GetMessageA

gdi32

GetStockObject
GetTextExtentPointA
CreateBrushIndirect
SetBkMode
CreateFontIndirectA
GetDeviceCaps
LineTo
PatBlt
BitBlt
MoveToEx
TextOutA
SetTextColor
GetBkColor
GetTextExtentPoint32A
CreatePen
EndDoc
StartDocA
SetMapMode
SetAbortProc
StretchBlt
StartPage
EndPage
DeleteDC
SetBkColor
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsA
GetObjectA
CreateDIBitmap
CreateSolidBrush
ExtTextOutA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
PrintDlgA
ChooseFontA

advapi32

RegSetValueExA
RegSetValueA
RegQueryValueA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA

shell32

SHGetFileInfoA
DragFinish
DragQueryFileA
ShellExecuteA
FindExecutableA
SHGetDesktopFolder
DragAcceptFiles

ole32

OleInitialize
OleUninitialize
DoDragDrop
CoGetMalloc
CoTaskMemFree

Exports

Exports

createInstance

Sections

.text
Size: 455KB - Virtual size: 454KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/winimage_sn.txt
gghostCNGRhardiskCNGR/gghost80硬盘版/tools/清除临时文件.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
gghostCNGRhardiskCNGR/gghost80硬盘版/下载-比ACDSEE还强的图像软件.URL
.url
gghostCNGRhardiskCNGR/gghost80硬盘版/帮助文件/GGhost备份恢复工具_使用说明v8.CHM
.chm
gghostCNGRhardiskCNGR/gghost80硬盘版/帮助文件/dos界面.jpg
.jpg
gghostCNGRhardiskCNGR/gghost80硬盘版/帮助文件/安装选项.jpg
.jpg
gghostCNGRhardiskCNGR/gghost80硬盘版/帮助文件/最近升级.txt
gghostCNGRhardiskCNGR/gghost80硬盘版/帮助文件/简单模式.jpg
.jpg
gghostCNGRhardiskCNGR/gghost80硬盘版/帮助文件/简单模式v.jpg
.jpg
gghostCNGRhardiskCNGR/gghost80硬盘版/帮助文件/高级模式.jpg
.jpg
gghostCNGRhardiskCNGR/gghost80硬盘版/帮助文件/高级模式v.jpg
.jpg
gghostCNGRhardiskCNGR/gghost80硬盘版/必看说明.htm
gghostCNGRhardiskCNGR/gghost80硬盘版/河源下载站.url
.url
gghostCNGRhardiskCNGR/gghost80硬盘版/河源下载站Cngr.cn说明.txt
gghostCNGRhardiskCNGR/gghost80硬盘版/用firefox浏览器上网更安全.URL
.url

Sharing

General

Malware Config

Signatures

Files

868abf0fe20ac8a507be6611a91d1b40

Headers

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 9KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: - Virtual size: 928B

.idata Size: 1024B - Virtual size: 984B

50238ac5f732deecd1170c29cba7065a

Headers

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 48B

.rdata Size: 1024B - Virtual size: 608B

.bss Size: - Virtual size: 8KB

.idata Size: 1024B - Virtual size: 860B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 28KB

UPX1 Size: 4KB - Virtual size: 8KB

UPX2 Size: 512B - Virtual size: 4KB

fd4964aa9365c98b842bc77e881fe9cd

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 7KB

Headers

File Characteristics

Sections

CODE Size: 98KB - Virtual size: 98KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 10KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 8KB - Virtual size: 7KB

.rsrc Size: 30KB - Virtual size: 30KB

Headers

File Characteristics

Sections

.text Size: 10KB - Virtual size: 36KB

.data Size: 1024B - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 8KB

.bss Size: - Virtual size: 2KB

.idata Size: 1024B - Virtual size: 4KB

. Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 761KB - Virtual size: 764KB

.rsrc Size: 12KB - Virtual size: 12KB

e265050412c5676a77d4b5b67d00ecf8

Headers

File Characteristics

Imports

kernel32

user32

ole32

Sections

.text Size: 28KB - Virtual size: 26KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 9KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: - Virtual size: 928B

.idata
Size: 1024B - Virtual size: 984B

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 48B

.rdata
Size: 1024B - Virtual size: 608B

.bss
Size: - Virtual size: 8KB

.idata
Size: 1024B - Virtual size: 860B

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 4KB - Virtual size: 8KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 7KB

CODE
Size: 98KB - Virtual size: 98KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 30KB - Virtual size: 30KB

.text
Size: 10KB - Virtual size: 36KB

.data
Size: 1024B - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 8KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 1024B - Virtual size: 4KB

.
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 761KB - Virtual size: 764KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 2KB

CODE
Size: 98KB - Virtual size: 98KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 30KB - Virtual size: 30KB

.code
Size: 3KB - Virtual size: 2KB

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.flat
Size: 512B - Virtual size: 45B

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB

CODE
Size: 98KB - Virtual size: 98KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 30KB - Virtual size: 30KB